Detections
Analytics
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)
critical Nessus Plugin ID 69721
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.(CVE-2013-1486 , CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-1485)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
Solution
Run 'yum update java-1.7.0-openjdk' to update your system.See Also
Plugin Details
Severity: Critical
ID: 69721
File Name: ala_ALAS-2013-162.nasl
Version: 1.9
Type: local
Agent: unix
Published: 9/4/2013
Updated: 12/5/2022
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:java-1.7.0-openjdk, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 3/2/2013